← Back to POS

Privacy Policy

AskBiz POS · AskBiz Ltd · Effective date: 16 June 2026 · Last updated: 16 June 2026

1. Who We Are & Our Role

AskBiz POS (pos.askbiz.co) is a point-of-sale, inventory and logistics application operated by AskBiz Ltd (“AskBiz”, “we”, “us”). It is used by business owners to run sales, manage staff, track stock and coordinate deliveries.

The business owner is the data controller for the staff and customer personal data processed through their POS account — they decide what data is entered and why. AskBiz acts as the data processor, handling that data only to provide the service on the business owner’s instructions.

For data we collect directly to run our platform (account details, billing, security logs), AskBiz is the controller.

Contact: privacy@askbiz.co

2. Data We Process

Business owner / account data: Name, email, business type, country, and subscription details when an account is created.

Staff data: Staff names, roles, and PINs used to sign in to the POS. PINs are hashed (bcrypt) and never stored in plain text.

Customer data: Customer names and phone numbers (when provided for receipts or records), and the transaction history linked to them.

Transaction & inventory data: Products sold, quantities, prices, discounts, payment methods, timestamps, stock levels, and product details.

Photos & images: Camera images of products, barcodes, price tags, number plates, and vehicle inspections. Scan images are processed in real time — raw images are not retained on our servers; only the extracted data (e.g. product name, price, plate number) is kept.

Driver GPS / location data: If the logistics module is used, driver location and delivery routes are processed to track parcels and manage deliveries.

Technical data: Session information, device type, and security logs (e.g. failed login attempts) for fraud prevention.

Locally stored data: Your signed-in staff session is stored in your browser’s local storage (key pos_staff) so the POS keeps you logged in. Offline cash sales are also held locally until they sync.

3. Why We Process It (Purposes)

  • Operating the POS: sales, receipts, inventory and reporting
  • Authenticating staff and securing the business account
  • Processing payments via card and mobile money providers
  • Scanning products, barcodes, price tags and number plates with AI
  • Managing logistics: parcel tracking, routes, driver location and vehicle inspections
  • Sending sales receipts via WhatsApp/SMS when a customer opts in
  • Preventing fraud and abuse, and keeping the service secure

4. Lawful Basis

Processing activityLawful basisGDPR
Running the POS service for the businessContract performanceArt. 6(1)(b)
Processing customer & transaction recordsController (business) instructionArt. 28
Sending receipts to customersCustomer consentArt. 6(1)(a)
Camera / number-plate scanningContract performanceArt. 6(1)(b)
Driver GPS & delivery trackingContract performanceArt. 6(1)(b)
Fraud prevention & security logsLegitimate interestArt. 6(1)(f)
Payment processingContract performanceArt. 6(1)(b)

5. Data Retention

Data typeRetention
Transaction & inventory historyRetained for accounting/tax compliance (typically 7 years); exportable or deletable on request
Customer phone numbers30 days, then automatically deleted
Staff PIN recordsHashed; failed-login logs kept 90 days then deleted
Camera scan imagesNot stored — processed in real time only
Number-plate & vehicle inspection photos6 months
Logistics & delivery / GPS data12 months after delivery completion
Locally stored session (pos_staff)Cleared on sign-out / browser clear
Offline sale dataUntil synced to server, then cleared locally

6. Your Data-Subject Rights

You have the right to access, correct, delete, restrict, port, and object to the processing of your personal data, and to withdraw consent at any time. These satisfy EU/UK GDPR and most other applicable privacy laws.

If you are a customer or staff member of a business that uses AskBiz POS, that business is the data controller. To access or erase your data, contact the business owner directly — they decide what data is held and can action your request in the POS.

AskBiz (as processor) will support any controller in fulfilling these requests, and will action requests relating to data we control (such as account or billing data). Email privacy@askbiz.co and we respond within 30 days.

You may also lodge a complaint with your local data protection authority.

7. Sub-Processors

We use the following sub-processors, each bound by a data processing agreement and appropriate transfer safeguards (Standard Contractual Clauses where data leaves the EU/UK):

  • Supabase — database & authentication hosting (AWS, EU West)
  • Anthropic — AI processing of scan images for product, price-tag and number-plate recognition (USA)
  • Stripe — card payment processing (PCI DSS Level 1)
  • Paystack — card & local payment processing (Africa)
  • WhatsApp / Meta — receipt delivery when a customer opts in (USA)
  • Twilio — SMS receipt and notification delivery (USA)
  • Vercel — application hosting and CDN (global edge)

We never sell your data and never share it with advertisers.

8. Security

We protect data using encrypted connections (TLS), bcrypt-hashed staff PINs, row-level security on our database, and scoped access controls. If a breach occurs that is likely to risk your rights, we notify the relevant authority within 72 hours and affected users without undue delay. Report security concerns to security@askbiz.co.

9. Cookies & Local Storage

The POS uses minimal essential storage, plus Google Analytics once you consent to it in the cookie banner — it does not run advertising cookies. See our Cookie Policy for full detail.

10. Changes

We will notify business owners of any material changes to this policy before they take effect. Continued use of AskBiz POS after changes constitutes acceptance.

Contact us
Privacy & data rights: privacy@askbiz.co
Security incidents: security@askbiz.co
AskBiz Ltd · pos.askbiz.co
Terms of ServiceCookie Policy← Back to POS